Release Notes : 3-DNS Controller, Release Note

Applies To:

Show Versions Show Versions

3-DNS Controller versions 1.x - 4.x

  • 4.0.0
Release Notes
Updated Date: 04/18/2019

Summary:

Contents:


Installing the upgrade

The following instructions explain how to install the 3-DNS Controller, version 4.0.1 onto existing crypto systems that are running version 3.0 and later.

Important:  If you are running 3-DNS Controller, version 2.1.2 or earlier, you must first upgrade to version 3.0.  You can then upgrade to version 4.0.1.

  1. On the 3-DNS Controller, change to the /var/tmp/ directory:
    cd /var/tmp/
  2. Connect to the F5 Networks FTP site at ftp.f5.com.
  3. Download the upgrade file, 3dns4.0.1upgrade.tgz, to the /var/tmp/ directory on the target 3-DNS Controller.
  4. Download the sum file to the /var/tmp/ directory on the target 3-DNS Controller.
  5. Verify the integrity of the upgrade file by typing the sum command where <file name> is the name of the upgrade file:
    sum <file name>

    If the checksum numbers match, the upgrade file is valid.  If they do not match, open a new FTP connection, and try to download the upgrade file again.

  6. Extract the kit file in the /var/tmp/ directory by typing the following command:
    tar -xvzf 3dns4.0.1upgrade.tgz
  7. Verify the integrity of the extracted files by typing the following command:
    ./checksum
  8. Run the upgrade_install script in the /var/tmp/ directory:
    ./upgrade_install

    The upgrade_install script performs a backup of your critical system files and executables.  When the script is done, it automatically reboots your system.

  9. Once you install the 3-DNS Controller software, you need to install the new version of the big3d agent on all BIG-IP Controllers, EDGE-FX Caches, and GLOBAL-SITE Controller managed by the 3-DNS Controller, as follows:

    1. Log in to the 3-DNS Controller.
    2. Type 3dnsmaint to open the 3-DNS Maintenance menu.
    3. Select Install and Start big3d, and press Enter.
      The 3-DNS Controller detects all BIG-IP Controllers and EDGE-FX Caches in the network and updates their big3d agents.
    4. Press the Enter key to return to the 3-DNS Maintenance menu.
    5. Press the Q key to quit.

Once you install the software update, refer to the Configuring and using the new software section, which contains important information about required configuration changes and new configuration options.


[ Top ]

New features and enhancements

3-DNS Documentation CD-ROM
The 3-DNS Controller now includes the 3-DNS Documentation CD-ROM, which contains PDF files of the 3-DNS Installation Guide, the 3-DNS Administrator Guide, and the 3-DNS Reference Guide.  The CD-ROM also contains the Release Note and the optional software downloads for the 3-DNS Controller.  When you insert the 3-DNS Documentation CD-ROM into your work station's CD-ROM drive, you can view any of the documents.

The 3-DNS module on the BIG-IP platform
Some versions of the BIG-IP platform are available with the 3-DNS software module installed on them.  In the 3-DNS Controller configuration, you treat the BIG-IP platform and the 3-DNS module as if they were separate devices.  For more information, see the Configuring a BIG-IP running the 3-DNS module section of this release note.

3dpipe utility
Using the 3dpipe utility, you can perform the following tasks, at the command line:

  • View lists of configured data centers, server types, virtual servers, wide IPs, and pools
  • View the status (enabled or disabled) of configured data centers, server types, virtual servers, wide IPs, and pools
  • Enable configured data centers, server types, virtual servers, wide IPs, and pools
  • Disable, for a specific time period, configured data centers, server types, virtual servers, wide IPs, and pools
  • View summary statistics for the 3-DNS Controller itself

For more information on using the 3dpipe utility, review the supplemental PDF file, 3dpipe Command Reference.  (This file opens in a separate browser window.)

BIG-IP IP Application Switch
The 3-DNS Controller is fully integrated with the BIG-IP IP Application Switch.  You add the IP Application Switch to the 3-DNS Controller configuration exactly the same way that you add a BIG-IP Controller to the 3-DNS Controller configuration.  For more information on adding a BIG-IP Controller to the configuration, refer to the Defining BIG-IP Controllers  section in the 3-DNS Administrator Guide, Chapter 2, Essential Configuration Tasks.

ECV prober IP address
For BIG-IP Controller ECV probes, you can now specify the IP address of the prober you want the 3-DNS Controller to use when you have set up ECV service monitors.  For more information, see the online help for the Modify BIG-IP screen in the Configuration utility.

ECV prober factories
The following server types now support extended content verification (ECV) factories:  3-DNS Controllers, BIG-IP Controllers, EDGE-FX Caches, and GLOBAL-SITE Controllers.  When you have set up ECV service monitors for wide IPs, an ECV factory performs a more extensive availability check than the other factories.  By default, five ECV factories are enabled.

You configure ECV factories when you add a new server to the 3-DNS configuration.  You can also add ECV factories to existing servers on each server's Modify screen.  For more information on configuring ECV factories, review the online help for the Add or Modify screens for any of these server types:  3-DNS Controllers, BIG-IP Controllers, EDGE-FX Caches, or GLOBAL-SITE Controllers.

EDGE-FX Cache, version 2.0
The 3-DNS Controller now supports the EDGE-FX Cache, version 2.0.

GLOBAL-SITE Controller
The 3-DNS Controller can now collect path and metrics data from the GLOBAL-SITE Controller using iQuery and the big3d agent.  The GLOBAL-SITE Controller is a unique global data management appliance that manages and automates the task of publishing, distributing, and synchronizing file-based content and applications to multiple servers at local and geographically-distributed Internet sites.  Note that the GLOBAL-SITE Controller does not manage virtual servers.

For more information on configuring the GLOBAL-SITE Controller, please refer to the 3-DNS online help for the GLOBAL-SITE Controller server type.  You can also review the Defining GLOBAL-SITE Controllers section in Chapter 2, Essential Configuration Tasks, in the 3-DNS Administrator Guide.

iControl, version 2.0
The 3-DNS Controller now supports the global load balancing components of the iControl SDK.  For more information on iControl and the iControl SDK, see that product’s documentation.

Internet Weather Map Statistics screen
The Internet Weather Map Statistics screen, in the Configuration utility, provides real-time data for average round trip time, average completion rate, and average router hops from all data centers in your network to each continent.  To view the Internet Weather Map Statistics screen, expand the Statistics item in the navigation pane, and then click Weather Map.  For information on working with the Internet Weather Map Statistics screen, view the online help.

New global variables
The 3-DNS Controller has two new global variables:  probe_from_distance and drain_requests.

  • The probe_from_distance variable
    The probe_from_distance variable, when set to yes, specifies that ECV probes, and server and virtual server availability checks, should be initiated from a big3d agent that is on a remote device in a data center other than the initiating data center.  If no remote big3d agent is available, then the probes and availability checks are initiated by any available big3d agent.  You can configure the probe_from_distance variable in either the Configuration utility, or in the wideip.conf file.  To turn on the probe_from_distance variable in the Configuration utility, check the Probe From Distance box on the System - General screen.
  • The drain_requests variable
    The drain_requests variable, when set to yes, specifies that load-balanced persistent connections are allowed to remain connected, until the TTL expires, when you disable a pool.  When you set the drain_requests variable to no, the connections are terminated immediately when the pool is disabled.  This variable affects the persist variable in the wide IP sub-statement.  You can only configure the drain_requests variable in the wideip.conf file, by adding it to the globals statement.  For more information, see Chapter 13, wideip.conf Configuration, in the 3-DNS Reference Guide.

Quality of Service values
We have changed the default values for the RTT and Packet Rate coefficients for the Quality of Service load balancing mode.  The default value for RTT is now 50, and the default value for Packet Rate is now 1.

Split from BIND
The 3-DNS Controller DNS engine no longer relies on BIND for DNS resolution.  The benefits are as follows:

  • You can upgrade the version of BIND independently of 3-DNS Controller upgrades.
  • You can use the 3-DNS Controller to load balance DNS queries to your wide IPs, and redirect other DNS requests to an alternate DNS server.
  • You can now configure the 3-DNS Controller in one of three modes:  node, bridge, router
    • In node mode, the 3-DNS Controller becomes the authoritative DNS for your domains.  Node mode is how the 3-DNS Controller has functioned until now.
    • In bridge mode, the 3-DNS Controller resolves DNS queries that match wide IPs, and forwards the remaining DNS queries to an authoritative DNS.  Bridge mode does not require BIND files on the controller.
    • In router mode, the 3-DNS Controller resolves DNS queries that match wide IPs, and directs the remaining DNS queries between separate IP subnets, or to an authoritative DNS.  Router mode does not require BIND files on the controller.
  • You can now add an unlimited number of wide IP aliases to your configuration.
  • You can use the following wildcard characters in wide IP names and aliases:
    • The asterisk character ( * ) can replace multiple characters in a wide IP name or alias.
    • The question mark character ( ? ) can replace a single character in a wide IP name or alias.

For more information about configuring the 3-DNS Controller modes, see the Configuring the 3-DNS Controller mode section of this release note.  Refer also to the Configuring the 3-DNS Controller mode  section in the 3-DNS Installation Guide , Chapter 3, Working with the First-Time Boot Utility.

For more information about using wildcard characters, see the Using wildcard characters section of this release note.  See also the online help for either the Add a New Wide IP screen or the Modify a Wide IP Alias screen, in the Configuration utility.

User administration
The 3-DNS Controller now has a partial read/write user level.  When you assign the partial read/write level to a user, he or she can enable or disable data centers, servers, virtual servers, wide IPs, and pools, but cannot add or delete any part of the configuration.  For more information on configuring user administration in the Configuration utility, see the online help for the User Administration screen.  For more information on user administration, see Chapter 6, Monitoring and Administration, in the 3-DNS Administrator Guide.


[ Top ]

Configuring and using the new software

Required configuration changes

Configuring access for Support

After the upgrade, if you want F5 Support to have access to your 3-DNS Controller, you must update the Support IP address in the /etc/hosts.allow file.

To edit the Support IP address

  1. From the command line, use a text editor (either vi or pico) to open the /etc/hosts.allow file:
    vi /etc/hosts.allow
  2. Make the following changes in the hosts.allow file.
    • Delete the following IP addresses:
      207.17.117.200 and 207.17.117.0/24
    • Add the following IP address:
      65.197.145.244

  3. Save and close the /etc/hosts.allow file.

F5 Support can now access your 3-DNS Controller if you have specified that you want Support to have access.

Important:  You grant access to Support either when you run the First-Time Boot utility or when you run the config utility.  It is not possible for Support to gain access to your controller if you do not grant them access.

Configuring a data center

The 3-DNS Controller no longer creates a default data center when you configure the controller for the first time.  Therefore, if the controller you are configuring is not a member of a sync group, and you are configuring the controller for the first time, you need to add a data center to the configuration before you continue with any other portion of the configuration.  For details on how to add a data center to your configuration, refer to the Setting up a data center  section of Chapter 2, Essential Configuration Tasks, in the 3-DNS Administrator Guide.


[ Top ]

Optional configuration changes

Configuring the 3-DNS Controller mode

You configure the 3-DNS Controller mode when you run the First-Time Boot utility.  When you select the node mode, the First-Time Boot utility also asks you if you want to configure NameSurfer to manage the DNS zone files.  If you select the bridge mode or the router mode, you do not configure NameSurfer.  For more information, refer to Chapter 3, Working with the First-Time Boot Utility, in the 3-DNS Installation Guide.

Configuring a BIG-IP running the 3-DNS module

In the 3-DNS Controller configuration, you treat the BIG-IP platform and the 3-DNS software module as if they were separate devices.  You can add the two server types either by using the Configuration utility or by editing the wideip.conf file.  The following instructions describe how to add a BIG-IP with the 3-DNS software module with the name combo.domain.net and the IP address 192.168.100.100.

To add a BIG-IP with the 3-DNS software module using the Configuration utility

  1. In the navigation pane, expand the Servers item, and then click BIG-IP Controllers.
    The BIG-IP Controllers screen opens.
  2. On the toolbar, click Add BIG-IP Controller.
    The Add BIG-IP Controller screen opens.
  3. In the BIG-IP Controller Name box, type combo.domain.net.
  4. In the BIG-IP IP Address box, type 192.168.100.100.
  5. Add the rest of the settings as needed.

When you have finished configuring the BIG-IP Controller, you can add the 3-DNS module to the configuration.

  1. In the navigation pane, expand the Servers item, and then click 3-DNS Controllers.
    The 3-DNS Controllers screen opens.
  2. On the toolbar, click Add 3-DNS Controller.
    The Add 3-DNS Controller screen opens.
  3. In the 3-DNS Controller Name box, type combo.domain.net.
  4. In the 3-DNS IP Address box, type 192.168.100.100.
  5. Add the rest of the settings as needed.

Note that both server types use the same name and IP address, as indicated by the highlighted text in the following example.  If you are configuring a redundant system, you use the shared IP address.  For assistance, contact technical support.

To add the BIG-IP Controller with the 3-DNS module from the command line

  1. At the command line, type 3dnsmaint.
    The 3-DNS Maintenance menu opens.
  2. Using the arrow keys, choose Edit 3-DNS Configuration.
  3. Add the following syntax to the wideip.conf file:

    server { // datacenter=DC1, #VS=1
       type     bigip
       address    192.168.100.68
       name    "birch.win.net"

       limit { /* none */ }
       iquery_protocol udp
       remote {
         secure    yes
         user    "root"
       }
       factories {
         snmp    1
       }
       prober    127.0.0.1
    }


    server { // datacenter=DC1, #VS=0
       type     3dns
       address    192.168.100.68
       name    "birch.win.net"

       limit { /* none */ }
       iquery_protocol udp
       remote {
         secure    yes
         user    "root"
       }
       factories {
         snmp    1
       }
    }


Updating the snmpd.conf file

The ./upgrade_install script installs an updated version of the UC-Davis SNMP daemon, updates the snmpd.conf file, and saves the existing snmpd.conf file in the /etc directory with the name snmpd.conf.save.  If you monitor the 3-DNS Controller using SNMP, and you have customized the snmpd.conf file, you must migrate the customizations from the snmpd.conf.save file to the newer snmpd.conf file.

Using wildcard characters

The 3-DNS Controller now supports wildcard characters in wide IP names and wide IP aliases.  You can use the wildcard characters to simplify your maintenance tasks if you have a large quantity of wide IP names and/or wide IP aliases.  The wildcard characters you can use are:  the question mark ( ? ), and the asterisk ( * ).  The guidelines for using the wildcard characters are as follows:

  • The question mark ( ? )
    • You can use the question mark to replace a single character, with the exception of dots ( . ).
    • You can use more than one question mark in a wide IP name or alias.
    • You can use both the question mark and the asterisk in the same wide IP name or alias.
  • The asterisk ( * )
    • You can use the asterisk to replace multiple consecutive characters, with the exception of dots ( . ).
    • You can use more than one asterisk in a wide IP name or alias.
    • You can use both the question mark and the asterisk in the same wide IP name or alias.

The following examples are all valid uses of the wildcard characters for the wide IP name, www.mydomain.net.

  • ???.mydomain.net
  • www.??domain.net
  • www.my*.net
  • www.??*.net
  • www.my*.*
  • ???.my*.*
  • *.*.net
  • www.*.???

Note:  There are two important things to keep in mind when you use wildcard characters.  First, wildcard characters are not inserted into NameSurfer.  Second, if you are using ECV service monitors, they do not scan wide IP names or aliases that contain wildcard characters.


[ Top ]

Fixes

The following issues are resolved in the current release.

3-DNS Console (CR12878)
In the Configuration utility, the 3-DNS Console has been renamed to the MindTerm SSH Client.

The 3dnsd daemon and the IP classifier (CR10556)
When you restart the 3dnsd daemon, you no longer experience a delay due to the size of the IP classifier.

The 3dnsd daemon memory leak (CR16237)
The memory leak in the 3dnsd daemon has been fixed.

Adding hosts and virtual server quantity (CR13643)
When you add a host using the Configuration utility, the virtual server quantity now displays correctly on the Host Servers screen.

Disabling virtual servers with wildcard ports (CR16747)
You can disable BIG-IP virtual servers that use wildcard ports.

Enabling disabled objects in the Configuration utility (CR16410)
You can now re-enable disabled objects using the Configuration utility.

ECV status changes (CR12394)
The 3-DNS Controller now issues a message to the 3-DNS Log when the status of an ECV service check changes from up to down, or down to up.

Foundry ServerIron and big3d agent probes (CR15983)
The big3d agent no longer causes internal errors when probing a Foundry server with an SNMP prober.

Generic data center (CR14738)
The 3-DNS Controller no longer generates a generic data center in the configuration after you run the First-Time Boot utility.

Global Availability and Ratio load balancing modes in the Configuration Utility (CR14978)
On the Modify Load Balancing for [pool name] screen, when you select the Global Availability or Ratio load balancing modes, the popup screens where you configure either the order (for Global Availability) or the ratio (for Ratio) now appear as they should.

The hosts.allow file and SSH access (CR15550)
When you are configuring SSH access, the 3-DNS Controller now converts administrative IP addresses with asterisks in them, for example, 192.168.16.*, to the IP address/netmask format that is required by the hosts.allow file.

Path probe scaling (CR12752)
The path probe scalability of the 3-DNS Controller has been greatly improved.

Prober factories (CR13155)
The maximum number of prober factories was 56.  You can now specify up to 255 prober factories.

Prober statistics screen (CR12863)
The NAN (not a number) error no longer randomly appears in the Probers statistics screen.

Probing Alteon servers (CR15983)
The 3-DNS Controller no longer experiences internal errors when probing Alteon servers.

Secure/Non-secure warnings in the Configuration utility (CR13878)
When you are using Internet Explorer 5.X, the Configuration utility no longer displays a popup screen with a warning message about secure and non-secure items.

Server names and IP addresses (CR13789)
The 3-DNS Controller, version 4.0.1 allows you to use the same name for more than one server type in your configuration.  For example, if you are adding a BIG-IP HA Controller (that has the 3-DNS module enabled) to your configuration, you can use the same name for both the BIG-IP Controller and the 3-DNS Controller.  You cannot, however, use the same name for two servers that are the same server type.

System error log rotation (CR15573)
The log rotation for the system error log, syserr.log, now functions properly.

The telnetd utility (CR16682)
The telnetd utility has been upgraded to the most recent version to eliminate a security vulnerability.  Note that, by default, the telnetd utility in disabled on 3-DNS Controllers.

WAN persistence scaling (CR10685)
The requests.inc file has been removed from the list of files that are synchronized automatically to improve the WAN persistence scalability of the 3-DNS Controller.  Persistence is now synchronized using iQuery and has much better scalability than previous versions.


[ Top ]

Known issues

The following items are known issues in the current release.

The 3-DNS Maintenance menu and new installations (CR14777)
When you are working with a new 3-DNS Controller, before you can use the Edit 3-DNS Configuration command on the 3-DNS Maintenance menu, you need to add a data center and a 3-DNS Controller to the configuration using the Configuration utility.

The 3dpipe utility and sync group names (CR16672)
When you use the syncgroup commands in the 3dpipe utility, you need to know the name of the sync group beforehand because tbe syncgroup command does not have the show all functionality.

Adding host servers in the Configuration utility (CR17431)
If you add a host server with the same IP address more than once, in the Configuration utility, you get an Internal Server Error.  To avoid this error, do not add a host server with a single IP address more than once.  To work around this error, click anything in the navigation pane.

ArrowPoint CS150 and metrics collection (CR10361)
The 3-DNS Controller collects metrics on packets per second and kilobytes per second only for HTTP traffic on the current ArrowPoint CS150 server. 

The kilobytes per second rate as displayed for the ArrowPoint CS150 is approximately 16 times smaller than it should be.  The total byte counts returned from the ArrowPoint MIB are 16 times smaller than the number of bytes that were actually handled.

BIG-IP Controllers with the 3-DNS module and copying iQuery keys (CR14926)
When you use the Generate and Copy iQuery Encryption Key command on the 3-DNS Maintenance menu, the command sometimes fails to copy the key from a previously configured BIG-IP Controller on to a newly configured BIG-IP Controller with the 3-DNS module.  The command may also copy the key to the local controller and fail to copy the key to any remote controller.  If the copy fails (in either instance), re-run the command, and select either the Keep option (which retains the local system's key and copies it out to the other systems), or the Build option (which creates a new key and copies it out to the other systems). 

The bigpipe command and rerunning the config utility (CR16788)
Occasionally when you rerun the config utility, you may see the following error before the license screen appears:
bigpipe: "bigpipe " not understood

The error is benign and does not affect the functionality of the controller.

Cisco CSS series (formerly ArrowPoint) servers and metrics collection
The 3-DNS Controller cannot collect the packets per second and the kilobytes per second metrics on Cisco CSS series (formerly ArrowPoint) software versions prior to 4.0.

Crypto 3-DNS Controllers and CD upgrades
(This applies only to crypto 3-DNS Controllers.)  When you rebuild a 3-DNS Controller (or a BIG-IP) using a CD, the SSH key is changed.  This breaks the trust relationship between the updated controller and any devices with which it interacts.  As a result, synchronization between the controllers in the sync group stops, and you cannot update the big3d agent.  You can correct this situation by removing the newer SSH key and synchronizing the updated controller with other 3-DNS Controllers or BIG-IP units.  Refer to the Resetting the SSH key work-around to reset the SSH key and synchronize the controllers in your network.

Data center names in the Configuration utility (CR14990)
In the Configuration utility, you may get an internal server error if you use special characters in the data center names.  To avoid this error, use only alphanumeric, space, underscore ( _ ), or hyphen ( - ) characters in the data center names.

The drain_requests variable (CR17316)
The drain_requests variable is incorrectly named bleed_requests in Chapter 13, wideip.conf Configuration, in the 3-DNS Reference Guide.

Fully qualified domain names in wide IPs (CR12314)
When you add or modify a wide IP definition, either by using the Configuration utility or by editing the wideip.conf file, you cannot use the same fully-qualified domain name (FQDN) more than once.  If you try to use the same FQDN as a wide IP name in one definition, and as an alias in another definition, the Configuration utility stops working.

Global Availability load balancing within a pool (CR13112)
When you create a pool for a new or for an existing wide IP, and you use the Global Availability load balancing method, you may experience problems under the following circumstances:

  • You are using Internet Explorer 5.0 or 5.5.
  • You select Global Availability in the Load Balancing Modes, Preferred list on the Configure Load Balancing for New Pool screen.
  • You have a large quantity of virtual servers in your configuration.
If you want to use the Global Availability load balancing method, and you meet the previous criteria, please see the Using Global Availability load balancing for pools work-around following this table.

iControl Portal (CR17415)
To restart the iControl Portal, you must reboot the 3-DNS Controller.

Java applets and the Configuration utility (CR10381)
Parts of the Configuration utility for the 3-DNS Controller use Java applets and require the presence of the Java Virtual Machine (JVM) on your local machine.  However, some default installations of Internet Explorer do not contain the JVM.  If your version of Internet Explorer does not contain a JVM, you can obtain a JVM by going to the Tools menu, choosing the Windows Update link, selecting PRODUCT UPDATES, and looking in the Additional Windows Features section.  Alternately, you can go to the Internet Explorer section of Microsoft's web site.

MindTerm SSH Client and multiple Netscape browser sessions (CR12121)
If you have more than one MindTerm SSH Client session open, and you are running Netscape, you can close only one session.  We recommend that you open only one instance of the MindTerm SSH Client.

Modify Virtual Server Translations screen and proper data display (CR14029)
If you have configured more than one virtual server translation using the Configuration utility (for BIG-IP Controller virtual servers only), the Modify Virtual Server Translations screen does not refresh properly when you remove a virtual server translation.  To view the correct information on the Modify Virtual Server Translations screen, after you have removed a virtual server translation, click the Refresh button on the browser toolbar, and then go back to the Modify Virtual Server Translations screen.

Netscape Navigator 6.0 (CR12116)
The Configuration utility does not currently support Netscape 6.0.

Netscape Navigator on UNIX systems (CR12132)
If you are running Netscape on a UNIX (Linux, *BSD, Solaris) system, the MindTerm SSH Client item is not available in the navigation pane of the Configuration utility.  Instead you can access the 3-DNS Controller command line utility using a standard SSH connection.

Netscape Navigator and the Network Map (CR11161)
The Network Map does not display large configurations properly when you run Netscape on a UNIX or Linux platform.  We recommend that you use a Windows-based browser to view large network configurations with the Network Map.

Network Map and multiple browser sessions (CR11173)
When you view the Network Map, you might get an error when you open additional browser sessions with Internet Explorer or Netscape.  This error only occurs if the additional browser sessions use Java applets.  We recommend that you close any additional browser sessions before viewing the Network Map.

Non-crypto controllers and RSH (CR14832)
If you have non-crypto controllers, you must configure RSH from the command line to establish secure communications between the controller and other F5 devices.  If you have a mixed environment, with crypto and non-crypto controllers, you must configure RSH as well as SSH on the crypto controllers, so that they can communicate with the non-crypto controllers.  For details on how to configure the rsh utility, see the Configuring RSH on non-crypto controllers work-around.

Non-crypto EDGE-FX Caches (CR11035)
When using an RSH session to connect to an EDGE-FX Cache that does not have SSH available (a non-crypto EDGE-FX Cache), you may get a connection refused error message.
To use an RSH session with a non-crypto EDGE-FX Cache

  1. Use Telnet or a terminal console to connect to the EDGE-FX Cache.
  2. In the /etc/inetd.conf file, remove the comment (#) character from the line:
    #shell stream tcp nowait root /usr/libexec/rshd rshd
  3. Type the following command:
    kill -HUP `cat /var/run/inetd.pid`
    This causes the inetd daemon to re-read its configuration.

NTP configuration and the /etc/rc.conf file (CR15764)
When you configure NTP (network time protocol) using the config ntpclocks command, the command does not properly update the /etc/rc.conf file.

Probe protocol for local DNS servers
We recommend that you use the ICMP, DNS_REV, or DNS_DOT probing methods, and that you do not use the Port Discovery probing method, to probe local DNS servers.

Prober statistics and Internet Explorer 5.0 and later (CR10153)
When you are viewing Histograms or Metrics on the Prober Statistics screen, you might encounter errors if you are using Microsoft Internet Explorer 5.0 or later.  We recommend using the following procedure to view the Histograms or Metrics:

  1. In the navigation pane, expand the Statistics item, and click Probers.
  2. In the Prober Statistics screen, click either Metrics or Histogram.
    A dialog box appears.
  3. Select Save this file to disk and click OK.

The browser saves the file, and you can now open the file using Microsoft Excel.

Random data in the Configuration utility screens (CR 14895, CR15320)
On rare occasions, you may see random data at the end of the tables in the Configuration utility.

RSH configuration and the hosts.allow file (CR15549)
The config_rshd script, which configures the rshd utility, writes specific IP addresses (for the hosts that are allowed RSH access) in the CIDR format.  For example, if you enter the following IP address, 192.168.10.10, the config_rshd script converts the IP address to the following format:  192.168.10.10/32.  The hosts.allow file (where the IP addresses are stored) does not understand IP addresses in the CIDR format.  The work-around for this issue is to edit the specific IP addresses in the hosts.allow file by removing the /32 CIDR netmask.

Screen resolution and the Configuration utility (CR10518)
If the screen resolution on your monitor is set to less than 1024 x 768 pixels, you may not see the entire 3-DNS Controller toolbar in the Configuration utility.  If your monitor allows it, we recommend that you set your screen resolution to 1024 x 768 pixels.

Solstice SNMP agent and metrics collection
The Solstice SNMP agent, which runs on some Sun systems, delays the updating of some metrics for longer than 30 seconds.  As a result, in the 3-DNS Controller SNMP Statistics screen, the packet rates and kilobytes per second rates can fluctuate from a zero value to a real value.  If you are polling Sun Solaris servers in your network, you may want to set the SNMP polling time on the 3-DNS Controller to an interval greater than 60 seconds.

The snmpd.conf file and the 3dns.log file
If you have SNMP configured on the 3-DNS Controller, the 3dns.log file may fill up quickly.  To correct this, you must edit the snmpd.conf file from the command line, as explained in the Editing the snmpd.conf file work-around.

Statistics screens and viewing 3-DNS Controller status (CR9452)
When you disable a 3-DNS Controller that is a member of a sync group, the 3-DNS Statistics and Sync Group Statistics screens in the disabled controller's Configuration utility display an inaccurate status (a red ball) for all of the other 3-DNS Controllers in the same sync group.  You can see the correct status of the controllers in the 3-DNS Statistics and Sync Group Statistics screens of any enabled 3-DNS Controller in the sync group.

Sync group names in the Configuration utility (CR14955)
In the Configuration utility, you may get an internal server error if you use special characters in the sync group names.  To avoid this error, use only alphanumeric, space, underscore ( _ ), or hyphen ( - ) characters in the sync group names.

Sync groups and renaming pools or wide IPs (CR16457)
When you have three or more 3-DNS Controllers in a sync group, and you rename a pool or wide IP more than once, the renamed pools or wide IPs do not get synchronized properly.  To avoid this problem, either refrain from renaming your pools or wide IPs more than once, or run the 3ndc restart command on the remaining sync group members.

Synchronization and 3-DNS Controller versions (CR11186)
The 3-DNS Controller, version 4.0.1 does not synchronize with 3-DNS Controllers that are running versions prior to 4.0.1.

Virtual server dependencies entries (CR11414)
If you remove seven or more entries at one time from a Virtual Server Dependencies List and you are running Internet Explorer 5.0, you may get an error.  To avoid this error, remove fewer entries at a time.

Wide IP production rules (CR11710)
When you create a wide IP production rule with a Date/Time time variable, the production rule action does not stop in the time frame that you specify in the Stop Time box.  We recommend that you do not configure a production rule with the Date/Time time variable.

Wide IP production rules (CR11202)
When you create a wide IP production rule using the Configuration utility, in the Select Local DNS screen, you must type the IP address and subnet mask in the appropriate boxes.  You cannot use the CIDR format (for example, 192.168.10.10/24) in these boxes.


[ Top ]

Work-arounds for known issues

The following sections describe work-arounds for some of the known issues listed in the previous section.

Configuring RSH on non-crypto controllers

The following instructions describe how to configure the rsh utility from the command line.  You need to configure the rsh utility on all the non-crypto controllers for which you want to establish secure communications, as well as crypto controllers that communicate with non-crypto controllers.

To set up the rsh utility from the command line

  1. On the local controller, open the /etc/hosts file.
  2. Add the host name and IP address of the remote controller (the controller from which you want to log on) to the file.
  3. Save and close the file.
  4. Next, open the /etc/hosts.equiv file.
  5. Add the host name and user name for the remote controller to the /etc/hosts.equiv file.  The host name is the same as the one you added to the /etc/hosts file.  The user name is the login name of the user on the local controller that you want to allow access to the remote controller.  Add the host name and user name to the file in the following format:
    hostname     username
  6. Save and close the file.
  7. Next, change to the /root directory.
  8. In the /root directory, create a .rhosts file.  The syntax is the same as the /etc/hosts.equiv file.
  9. For the .rhosts file, set the file permissions using the chmod 600 command.
  10. Save and close the file.

You can now use the rsh utility to run commands on the remote controller.


[ Top ]

Editing the snmpd.conf file

Use the following instructions to edit the snmpd.conf file so the the 3dns.log file no longer fills up too quickly.

To edit the snmpd.conf file
  1. At the command line, change to the /etc/snmpd.conf directory.
  2. Using the text editor of your choice, locate the following line in the file:
    trapsink 192.168.101.62
  3. Comment out the line by adding the comment (#) character in front of trapsink.

[ Top ]

Resetting the SSH key

The following instructions describe how to reset the SSH key for a controller that you have upgraded using a CD.

To reset the SSH key for an updated 3-DNS Controller
  1. From the command line of each controller in the sync group that has not been upgraded, change to the /root/.ssh/ directory.
  2. In either the known_hosts file or the known_hosts2 file, remove the SSH key for the upgraded controller.
  3. On the controller that you upgraded, type 3dnsmaint at the command line to open the 3-DNS Maintenance menu.
  4. Choose Configure SSH communication with remote devices, and press Enter. 
    The 3-DNS Controller updates all sync group members with the SSH key of the upgraded controller.
  5. Press Enter to return to the 3-DNS Maintenance menu.
  6. Press Q to quit.

[ Top ]

Using the Global Availability load balancing mode within a pool

The following instructions describe how to configure the Global Availability load balancing mode within a pool.  You need to use these instructions only if you meet the criteria listed in the Using the Global Availability load balancing mode within a pool item in the Known Issues section.

To configure Global Availability load balancing within a pool in a new wide IP

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.
  2. On the toolbar, click Add Wide IP.
    The Add a New Wide IP screen opens.
  3. Type the settings for the new wide IP, and click Next.
    The Configure Load Balancing for New Pool screen opens.
  4. Select a load balancing mode other than Global Availability in all of the following lists:
    • Load Balancing Modes, Preferred
    • Load Balancing Modes, Alternate
    • Load Balancing Modes, Fallback

    Note that you can accept the default settings, rather than changing the settings.
  5. Click Next.
    The Select Virtual Servers screen opens.
  6. Once you have finished configuring the virtual servers for the pool, click Finish to save your changes.
  7. On the Wide IP List screen, select the wide IP that you just created.
  8. On the toolbar, click Modify Pool.
    The Modify Wide IP Pools screen opens.
  9. Click the pool that you just created.
    The Modify Load Balancing for [pool name] screen opens.
  10. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred, or the Load Balancing Modes, Alternate, or the Load Balancing Modes, Fallback list, and click Update.
    The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.

To configure Global Availability load balancing within a pool in an existing wide IP

  1. In the navigation pane, click Wide IPs.
    The Wide IP List screen opens.
  2. On the toolbar, click Add Pool.
    The Configure Load Balancing for New Pool screen opens.
  3. Select a load balancing mode other than Global Availability in the following lists:
    • Load Balancing Modes, Preferred
    • Load Balancing Modes, Alternate
    • Load Balancing Modes, Fallback

    Note that you can accept the default settings; you do not have to change the settings.
  4. Once you have finished configuring the pool, click Finish to save your changes.
    The Wide IP List screen opens.
  5. In the Pools column, select the pools for the wide IP that you just modified.
    The Modify Wide IP Pools screen opens.
  6. In the Pool Name column, click the name of the pool that you just created.
    The Modify Load Balancing for [pool name] screen opens.
  7. Select Global Availability, as appropriate, in the Load Balancing Modes, Preferred list, or the Load Balancing Modes, Alternate list, or the Load Balancing Modes, Fallback list, and click Update.
    The Modify Virtual Servers screen opens, where you can determine the order in which the 3-DNS Controller load balances to the virtual servers in the pool.

[ Top ]